This repository was archived by the owner on Apr 12, 2024. It is now read-only.
File tree 1 file changed +9
-0
lines changed
1 file changed +9
-0
lines changed Original file line number Diff line number Diff line change @@ -246,6 +246,15 @@ describe('HTML', function() {
246246 it ( 'should sanitize SVG xmlns:xlink attribute values' , function ( ) {
247247 expectHTML ( '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xmlns:xhref="javascript:alert()"></a></svg>' )
248248 . toEqual ( '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a></a></svg>' ) ;
249+
250+ expectHTML ( '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xmlns:xhref="https://example.com"></a></svg>' )
251+ . toEqual ( '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a></a></svg>' ) ;
252+
253+ expectHTML ( '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="javascript:alert()"></a></svg>' )
254+ . toEqual ( '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a></a></svg>' ) ;
255+
256+ expectHTML ( '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="https://example.com"></a></svg>' )
257+ . toEqual ( '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="https://example.com"></a></svg>' ) ;
249258 } ) ;
250259
251260 describe ( 'htmlSanitizerWriter' , function ( ) {
You can’t perform that action at this time.
0 commit comments